How Do You Protect Yourself From A Potential ICO Threat?
Angela Brown | 2018
As a small business, you are registered with the HMRC and with the ICO as a data controller and/or processor right, RIGHT?
It is important to ensure that you have got your policies and processes set up and you have undertaken the necessary training and that your paperwork in order, that’s a given. If you need to, you can look for the necessary business contracts via KoffeeKlatch who are an excellent source for all your GDPR business matters are and have legal experts on board to guide you through all the legal jargon.
Only you, as the lead in your business and the expert in your field, know how to undertake your business to its ultimate, as a freelancer have to convey to your client how to proceed with a particular task, but they have been doing something one way, and you need to be assertive in doing that something a different way or enforce something, it can be a bit tricky.
Let me give you an example:
If your client was sending documents to a client (let’s say client A) with an attachment that contained sensitive data with details of name, date of birth and bank details etc, and your client happened to send the wrong PDF document to the client (let’s say client B), you would then be in an ICO breach position and have to report this incident as another client would have had access to another person’s data and you would have to write up a process of how the incident occurred and how you would rectify it, and how it would never happen again – all within 48 hours.
If you had a policy and process in place that you ensured that your client A (and their employees) had all of their PDF documents password-protected with each client’s own preferred passwords (by separate means, not via email), that if the wrongly-sent document from Client B with Client B’s password on was sent to Client A, if Client A tried to open with Client A’s password, and could not open because of the process in place. Then there is only an error made that needs to be rectified, and a breach avoided.
It is imperative that as a small business yourself you are following correct procedures and processes and ensure that as a data controller and processor that any work you undertake as a freelancer that you are compliant with work that you do not only for yourself but for others too.
If you need source PDF documents password-protecting then NottmVA can undertake that service for you. Please email for your enquiries.